Test against different OpenSSL library versions

.github/actions/install-openssl/action.yml

@@ -0,0 +1,55 @@
+name: Install OpenSSL
+
+inputs:
+  version:
+    description: 'The version of OpenSSL to install'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Restore cached OpenSSL library
+      id: cache-openssl-restore
+      uses: actions/cache/restore@v4
+      with:
+        path: ~/openssl
+        key: openssl-${{ inputs.version }}
+
+    - name: Compile OpenSSL library
+      if: steps.cache-openssl-restore.outputs.cache-hit != 'true'
+      shell: bash
+      run: |
+        mkdir -p tmp/build-openssl && cd tmp/build-openssl
+        case ${{ inputs.version }} in
+        1.1.*)
+          OPENSSL_COMMIT=OpenSSL_
+          OPENSSL_COMMIT+=$(echo ${{ inputs.version  }} | sed -e 's/\./_/g')
+          git clone -b $OPENSSL_COMMIT --depth 1 https://github.com/openssl/openssl.git .
+          echo "Git commit: $(git rev-parse HEAD)"
+          ./Configure --prefix=$HOME/openssl --libdir=lib linux-x86_64
+          make depend && make -j4 && make install_sw
+          ;;
+        3.*)
+          OPENSSL_COMMIT=openssl-
+          OPENSSL_COMMIT+=$(echo ${{ inputs.version  }})
+          git clone -b $OPENSSL_COMMIT --depth 1 https://github.com/openssl/openssl.git .
+          echo "Git commit: $(git rev-parse HEAD)"
+          if [[ ${{ inputs.version }} == 3.5* ]]; then
+            ./Configure --prefix=$HOME/openssl --libdir=lib enable-fips no-tests no-legacy
+          else
+            ./Configure --prefix=$HOME/openssl --libdir=lib enable-fips no-tests
+          fi
+          make -j4 && make install_sw && make install_fips
+          ;;
+        *)
+          echo "Don't know how to build OpenSSL ${{ inputs.version }}"
+          ;;
+        esac
+
+    - name: Save OpenSSL library cache
+      if: steps.cache-openssl-restore.outputs.cache-hit != 'true'
+      id: cache-openssl-save
+      uses: actions/cache/save@v4
+      with:
+        path: ~/openssl
+        key: ${{ steps.cache-openssl-restore.outputs.cache-primary-key }}

.github/actions/install-ruby/action.yml

@@ -0,0 +1,84 @@
+name: Install Ruby
+
+inputs:
+  version:
+    description: 'The version of Ruby to install'
+    required: true
+  openssl-version:
+    description: 'The version of OpenSSL used'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Restore cached Ruby installation
+      id: cache-ruby-restore
+      uses: actions/cache/restore@v4
+      with:
+        path: ~/rubies/ruby-${{ inputs.version }}
+        key: ruby-${{ inputs.version }}-${{ inputs.openssl-version }}
+
+    - name: Install Ruby
+      if: steps.cache-ruby-restore.outputs.cache-hit != 'true'
+      shell: bash
+      run: |
+        latest_patch=$(curl -s https://cache.ruby-lang.org/pub/ruby/${{ inputs.version }}/ \
+           | grep -oP "ruby-${{ inputs.version }}\.\d+\.tar\.xz" \
+           | grep -oP "\d+(?=\.tar\.xz)" \
+           | sort -V | tail -n 1)
+        wget https://cache.ruby-lang.org/pub/ruby/${{ inputs.version }}/ruby-${{ inputs.version }}.${latest_patch}.tar.xz
+        tar -xJvf ruby-${{ inputs.version }}.${latest_patch}.tar.xz
+        cd ruby-${{ inputs.version }}.${latest_patch}
+        ./configure --prefix=$HOME/rubies/ruby-${{ inputs.version }} --with-openssl-dir=$HOME/openssl
+        make
+        make install
+
+    - name: Update PATH
+      shell: bash
+      run: |
+        echo "~/rubies/ruby-${{ inputs.version }}/bin" >> $GITHUB_PATH
+
+    - name: Install Bundler
+      shell: bash
+      run: |
+        case ${{ inputs.version }} in
+        2.7* | 3.*)
+          echo "Skipping Bundler installation for Ruby ${{ inputs.version }}"
+          ;;
+        2.5* | 2.6*)
+          gem install bundler -v '~> 2.3.0'
+          ;;
+        *)
+          echo "Don't know how to install Bundler for Ruby ${{ inputs.version }}"
+          ;;
+        esac
+
+    - name: Save Ruby installation cache
+      if: steps.cache-ruby-restore.outputs.cache-hit != 'true'
+      id: cache-ruby-save
+      uses: actions/cache/save@v4
+      with:
+        path: ~/rubies/ruby-${{ inputs.version }}
+        key: ${{ steps.cache-ruby-restore.outputs.cache-primary-key }}
+
+    - name: Cache Bundler Install
+      id: cache-bundler-restore
+      uses: actions/cache/restore@v4
+      env:
+        GEMFILE: ${{ env.BUNDLE_GEMFILE || 'Gemfile' }}
+      with:
+        path: ~/bundler/cache
+        key: bundler-ruby-${{ inputs.version }}-${{ inputs.openssl-version }}-${{ hashFiles(env.Gemfile, 'webauthn.gemspec') }}
+
+    - name: Install dependencies
+      shell: bash
+      run: |
+        bundle config set --local path ~/bundler/cache
+        bundle install
+
+    - name: Save Bundler Install cache
+      id: cache-bundler-save
+      uses: actions/cache/save@v4
+      with:
+        path: ~/bundler/cache
+        key: ${{ steps.cache-bundler-restore.outputs.cache-primary-key }}

.github/workflows/build.yml

@@ -24,17 +24,48 @@ jobs:
           - '3.3'
           - '3.2'
           - '3.1'
-          - '3.0'
-          - '2.7'
-          - '2.6'
-          - '2.5'
-          - truffleruby
+        openssl:
+          - '3.5.0'
+          - '3.4.1'
+          - '3.3.3'
+          - '3.2.4'
+          - '3.1.8'
+          - '3.0.16'
+          - '1.1.1w'
+        include:
+          - ruby: truffleruby
+          - ruby: '3.0'
+            openssl: '1.1.1w'
+          - ruby: '2.7'
+            openssl: '1.1.1w'
+          - ruby: '2.6'
+            openssl: '1.1.1w'
+          - ruby: '2.5'
+            openssl: '1.1.1w'
+
     steps:
     - uses: actions/checkout@v4
-    - uses: ruby/setup-ruby@v1
+
+    - name: Install OpenSSL
+      if: matrix.ruby != 'truffleruby'
+      uses: ./.github/actions/install-openssl
+      with:
+        version: ${{ matrix.openssl }}
+
+    - name: Manually set up Ruby
+      if: matrix.ruby != 'truffleruby'
+      uses: ./.github/actions/install-ruby
+      with:
+        version: ${{ matrix.ruby }}
+        openssl-version: ${{ matrix.openssl }}
+
+    - name: Set up Ruby
+      if: matrix.ruby == 'truffleruby'
+      uses: ruby/setup-ruby@v1
       with:
         ruby-version: ${{ matrix.ruby }}
         bundler-cache: true
+
     - run: bundle exec rspec
       env:
         RUBYOPT: ${{ startsWith(matrix.ruby, '3.4') && '--enable=frozen-string-literal' || '' }}